Search in sources :

Example 6 with WSFederationMetaException

use of com.sun.identity.wsfederation.meta.WSFederationMetaException in project OpenAM by OpenRock.

the class DefaultAccountMapper method getAttribute.

/**
     * Returns the attribute value configured in the given entity
     * SP or IDP configuration.
     * @param realm realm name.
     * @param entityID hosted <code>EntityID</code>.
     * @param attributeName name of the attribute.
     */
protected String getAttribute(String realm, String entityID, String attributeName) {
    if (realm == null || entityID == null || attributeName == null) {
        if (debug.messageEnabled()) {
            debug.message("DefaultAccountMapper.getAttribute: " + "null input parameters.");
        }
        return null;
    }
    try {
        BaseConfigType config = null;
        if (role.equals(IDP)) {
            config = WSFederationUtils.getMetaManager().getIDPSSOConfig(realm, entityID);
        } else {
            config = WSFederationUtils.getMetaManager().getSPSSOConfig(realm, entityID);
        }
        Map attributes = WSFederationMetaUtils.getAttributes(config);
        if (attributes == null || attributes.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("DefaultAccountMapper.getAttribute:" + " attribute configuration is not defined for " + "Entity " + entityID + " realm =" + realm + " role=" + role);
            }
            return null;
        }
        List list = (List) attributes.get(attributeName);
        if (list != null && list.size() > 0) {
            return (String) list.iterator().next();
        }
        if (debug.messageEnabled()) {
            debug.message("DefaultSPAccountMapper.getAttribute: " + attributeName + " is not configured.");
        }
        return null;
    } catch (WSFederationMetaException sme) {
        if (debug.warningEnabled()) {
            debug.warning("DefaultSPAccountMapper.getAttribute:" + "Meta Exception", sme);
        }
    }
    return null;
}
Also used : BaseConfigType(com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType) List(java.util.List) WSFederationMetaException(com.sun.identity.wsfederation.meta.WSFederationMetaException) HashMap(java.util.HashMap) Map(java.util.Map)

Example 7 with WSFederationMetaException

use of com.sun.identity.wsfederation.meta.WSFederationMetaException in project OpenAM by OpenRock.

the class WSFederationUtils method isSignatureValid.

/**
     * Determine the validity of the signature on the <code>Assertion</code>
     * @param assertion SAML 1.1 Assertion
     * @param realm Realm for the issuer
     * @param issuer Assertion issuer - used to retrieve certificate for 
     * signature validation.
     * @return true if the signature on the object is valid; false otherwise.
     */
public static boolean isSignatureValid(Assertion assertion, String realm, String issuer) {
    boolean valid = false;
    String signedXMLString = assertion.toString(true, true);
    String id = assertion.getAssertionID();
    try {
        FederationElement idp = metaManager.getEntityDescriptor(realm, issuer);
        X509Certificate cert = KeyUtil.getVerificationCert(idp, issuer, true);
        XMLSignatureManager manager = XMLSignatureManager.getInstance();
        valid = SigManager.getSigInstance().verify(signedXMLString, id, Collections.singleton(cert));
    } catch (WSFederationMetaException ex) {
        valid = false;
    } catch (SAML2Exception ex) {
        valid = false;
    }
    if (!valid) {
        String[] data = { LogUtil.isErrorLoggable(Level.FINER) ? signedXMLString : id, realm, issuer };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE_ASSERTION, data, null);
    }
    return valid;
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) XMLSignatureManager(com.sun.identity.saml.xmlsig.XMLSignatureManager) WSFederationMetaException(com.sun.identity.wsfederation.meta.WSFederationMetaException) FederationElement(com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement) X509Certificate(java.security.cert.X509Certificate)

Example 8 with WSFederationMetaException

use of com.sun.identity.wsfederation.meta.WSFederationMetaException in project OpenAM by OpenRock.

the class CreateMetaDataModelImpl method createWSFedProvider.

/**
     * Creates a WS Federation provider.
     *
     * @param realm Realm Name.
     * @param entityId Entity Id.
     * @param values   Map of property name to values.
     * 
     * @throws AMConsoleException if duplicate metaAliases provided or unable to create or import metadata.
     * */
public void createWSFedProvider(String realm, String entityId, Map values) throws AMConsoleException {
    try {
        List<String> metaAliases = getFederationAlias(values, MetaTemplateParameters.P_WS_FED_ALIASES);
        Set<String> duplicateCheck = new HashSet<String>(metaAliases);
        if (duplicateCheck.size() < metaAliases.size()) {
            throw new AMConsoleException(getLocalizedString("federation.create.provider.duplicate.metaAlias"));
        }
        WSFederationMetaManager metaManager = new WSFederationMetaManager();
        metaManager.validateMetaAliasForNewEntity(realm, metaAliases);
        String metadata = CreateWSFedMetaDataTemplate.createStandardMetaTemplate(entityId, values, requestURL);
        String extendedData = CreateWSFedMetaDataTemplate.createExtendedMetaTemplate(entityId, values);
        FederationElement elt = (FederationElement) WSFederationMetaUtils.convertStringToJAXB(metadata);
        String federationID = elt.getFederationID();
        if (federationID == null) {
            federationID = WSFederationConstants.DEFAULT_FEDERATION_ID;
        }
        metaManager.createFederation(realm, elt);
        FederationConfigElement cfg = (FederationConfigElement) WSFederationMetaUtils.convertStringToJAXB(extendedData);
        metaManager.createEntityConfig(realm, cfg);
    } catch (WSFederationMetaException ex) {
        throw new AMConsoleException(ex.getMessage());
    } catch (JAXBException ex) {
        throw new AMConsoleException(ex.getMessage());
    } catch (CertificateEncodingException ex) {
        throw new AMConsoleException(ex.getMessage());
    }
}
Also used : WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) JAXBException(javax.xml.bind.JAXBException) FederationConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.FederationConfigElement) CertificateEncodingException(java.security.cert.CertificateEncodingException) WSFederationMetaException(com.sun.identity.wsfederation.meta.WSFederationMetaException) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) FederationElement(com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement) HashSet(java.util.HashSet)

Example 9 with WSFederationMetaException

use of com.sun.identity.wsfederation.meta.WSFederationMetaException in project OpenAM by OpenRock.

the class EntityModelImpl method getWSFedEntities.

/**
     * Returns a map of all the wsfed entities including data about
     * what realm, the roles, and location of each entity.
     *
     * @throws AMConsoleException if unable to retrieve the WSFED entities.
     */
public Map getWSFedEntities() throws AMConsoleException {
    Map wsfedMap = new HashMap();
    for (Iterator i = realms.iterator(); i.hasNext(); ) {
        String realm = (String) i.next();
        try {
            WSFederationMetaManager metaManager = new WSFederationMetaManager();
            Set wsfedEntities = metaManager.getAllEntities(realm);
            List hosted = metaManager.getAllHostedEntities(realm);
            for (Iterator j = wsfedEntities.iterator(); j.hasNext(); ) {
                String entity = (String) j.next();
                Map data = new HashMap(8);
                data.put(REALM, realm);
                data.put(PROTOCOL, WSFED);
                data.put(ROLE, listToString(getWSFedRoles(entity, realm)));
                if ((hosted != null) && (hosted.contains(entity))) {
                    data.put(LOCATION, HOSTED);
                } else {
                    data.put(LOCATION, REMOTE);
                }
                String entityNamewithRealm = entity + "," + realm;
                wsfedMap.put(entityNamewithRealm, (HashMap) data);
            }
        } catch (WSFederationMetaException e) {
            debug.error("EntityModel.getWSFedEntities", e);
            throw new AMConsoleException(e.getMessage());
        }
    }
    return (wsfedMap != null) ? wsfedMap : Collections.EMPTY_MAP;
}
Also used : WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) HashSet(java.util.HashSet) Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) HashMap(java.util.HashMap) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) WSFederationMetaException(com.sun.identity.wsfederation.meta.WSFederationMetaException) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) HashMap(java.util.HashMap) Map(java.util.Map)

Example 10 with WSFederationMetaException

use of com.sun.identity.wsfederation.meta.WSFederationMetaException in project OpenAM by OpenRock.

the class EntityModelImpl method getWSFedRoles.

public List getWSFedRoles(String entity, String realm) {
    List roles = new ArrayList(4);
    boolean isSP = true;
    int cnt = 0;
    try {
        WSFederationMetaManager metaManager = new WSFederationMetaManager();
        if (metaManager.getIDPSSOConfig(realm, entity) != null) {
            roles.add(IDENTITY_PROVIDER);
        }
        if (metaManager.getSPSSOConfig(realm, entity) != null) {
            roles.add(SERVICE_PROVIDER);
        }
        //to handle dual roles specifically for WSFED
        if (roles.isEmpty()) {
            FederationElement fedElem = metaManager.getEntityDescriptor(realm, entity);
            if (fedElem != null) {
                for (Iterator iter = fedElem.getAny().iterator(); iter.hasNext(); ) {
                    Object o = iter.next();
                    if (o instanceof UriNamedClaimTypesOfferedElement) {
                        roles.add(IDENTITY_PROVIDER);
                        isSP = false;
                    } else if (o instanceof TokenIssuerEndpointElement) {
                        cnt++;
                    }
                }
                if ((isSP) || (cnt > 1)) {
                    roles.add(SERVICE_PROVIDER);
                }
            }
        }
    } catch (WSFederationMetaException e) {
        debug.warning("EntityModelImpl.getWSFedRoles", e);
    }
    return (roles != null) ? roles : Collections.EMPTY_LIST;
}
Also used : WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) UriNamedClaimTypesOfferedElement(com.sun.identity.wsfederation.jaxb.wsfederation.UriNamedClaimTypesOfferedElement) ArrayList(java.util.ArrayList) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) WSFederationMetaException(com.sun.identity.wsfederation.meta.WSFederationMetaException) FederationElement(com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement) TokenIssuerEndpointElement(com.sun.identity.wsfederation.jaxb.wsfederation.TokenIssuerEndpointElement)

Aggregations

WSFederationMetaException (com.sun.identity.wsfederation.meta.WSFederationMetaException)30 WSFederationMetaManager (com.sun.identity.wsfederation.meta.WSFederationMetaManager)20 List (java.util.List)13 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)11 FederationElement (com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement)10 Iterator (java.util.Iterator)10 Map (java.util.Map)9 HashMap (java.util.HashMap)8 JAXBException (javax.xml.bind.JAXBException)8 CLIException (com.sun.identity.cli.CLIException)7 HashSet (java.util.HashSet)7 BaseConfigType (com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType)6 IDPSSOConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement)5 ArrayList (java.util.ArrayList)5 Set (java.util.Set)5 FederationConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.FederationConfigElement)4 UriNamedClaimTypesOfferedElement (com.sun.identity.wsfederation.jaxb.wsfederation.UriNamedClaimTypesOfferedElement)4 WSFederationException (com.sun.identity.wsfederation.common.WSFederationException)3 TokenIssuerEndpointElement (com.sun.identity.wsfederation.jaxb.wsfederation.TokenIssuerEndpointElement)3 IOException (java.io.IOException)3